Thoughts about Java and more

Code Quality Tools in Java

There are several tools to measure the code quality of my free timetabling software TimeFinder. Here are the tools I tried with success:

FindBugs (latest version 1.3.8) – uses static analysis to look for bugs in Java code. This is a great tool; it discovered possible NullPointerExceptions and a lot more bugs in my projects. Sometimes I asked myself how this program could have discovered this ‘complicated’ bug. With the Maven plugin you can do:

mvn findbugs:findbugs

which will use version 1.3.8 out of the box.

PMD (latest version 4.2.5) – scans Java source code and looks for potential problems. The rules are configurable, but at the beginning you will only need the provided ones (and spend a lot of time choosing your favourites ;-)). In NetBeans 6.5 this tool is well integrated and works like a charm (CTRL+ALT+P). With the Maven plugin you can do:

mvn pmd:pmd

after you have specified the following in the pom.xml under <reporting> <plugins>:

JarAnalyzer – is a dependency management utility for jar files. Its primary purpose is to traverse through a directory, parse each of the jar files in that directory, and identify the dependencies between the jar files.
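The kind of analysis described for JarAnalyzer can be sketched as follows. This is an added example, not JarAnalyzer's code and not from the original post: it is written in Python for a compact class-file parser, all function names are hypothetical, and `stub_class` builds constructed sample input (header and constant pool only, not a loadable class).

```python
import struct, zipfile
from pathlib import Path

SIZES = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4, 12: 4,
         15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}   # bytes after the tag (Utf8 is variable)

def referenced_classes(data):
    """Internal names ("org/foo/Bar") of the classes named in a class file's constant pool."""
    if data[:4] != b"\xca\xfe\xba\xbe":
        return set()                                   # not a class file
    (count,) = struct.unpack_from(">H", data, 8)
    pos, i, utf8, class_refs = 10, 1, {}, []
    while i < count:
        tag = data[pos]
        if tag == 1:                                   # CONSTANT_Utf8: u2 length, then bytes
            (n,) = struct.unpack_from(">H", data, pos + 1)
            utf8[i] = data[pos + 3:pos + 3 + n].decode("utf-8", "replace")
            pos += 3 + n
        else:
            if tag == 7:                               # CONSTANT_Class: index of its name
                class_refs.append(struct.unpack_from(">H", data, pos + 1)[0])
            pos += 1 + SIZES[tag]                      # KeyError on an unknown tag
        i += 2 if tag in (5, 6) else 1                 # long/double occupy two slots
    names = set()
    for n in (utf8[r] for r in class_refs):
        if n.startswith("["):                          # array type, e.g. "[Lorg/foo/Bar;"
            if not n.endswith(";"):
                continue                               # array of primitives names no class
            n = n[n.index("L") + 1:-1]
        names.add(n)
    return names

def jar_dependencies(directory):
    """Map each jar in `directory` to the other jars that define classes it references."""
    owner, refs = {}, {}                               # class -> jar, jar -> referenced classes
    for jar in sorted(Path(directory).glob("*.jar")):
        with zipfile.ZipFile(jar) as zf:
            for name in zf.namelist():
                if name.endswith(".class"):
                    owner.setdefault(name[:-6], jar.name)
                    refs.setdefault(jar.name, set()).update(referenced_classes(zf.read(name)))
    return {jar: {owner[c] for c in classes if c in owner} - {jar}
            for jar, classes in refs.items()}

def stub_class(*names):
    """Constructed sample input: header and constant pool only, naming the given classes."""
    pool = b"".join(b"\x01" + struct.pack(">H", len(n.encode())) + n.encode() + b"\x07" +
                    struct.pack(">H", 2 * k + 1) for k, n in enumerate(names))
    return b"\xca\xfe\xba\xbe" + struct.pack(">HHH", 0, 52, 2 * len(names) + 1) + pool
```

Calling `jar_dependencies("lib")` on a directory of real jars returns a mapping from each jar's file name to the set of sibling jars it references; classes that no jar in the directory defines (for example JDK classes) are ignored.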

For FindBugs and PMD there is a NetBeans plugin (SQE … software quality environment) which looks promising, but fails with a NullPointerException after I installed it via the update center and tried it on my project. Maybe I should use one of the snapshots. (BTW: I successfully used the PMD plugin and FindBugs in the standalone version.)

Sonar is another interesting approach to use several code quality tools at a time. With Sonar it is possible to see the violations or possible bugs over days or weeks – so you are looking at the improvements and will not get lost in the mass of bugs at the beginning. Another “multi-tooling” project is XRadar.

A little bit off-topic, but a great tool is ProGuard, which shrinks, optimizes, obfuscates and preverifies Java class files. There is even a Maven plugin for that.

Besides the static approach to identifying issues you can also do dynamic execution analysis of your code – this would allow you to identify architectural issues like “the same SQL is executed multiple times for the same transaction” or “too many roundtrips via the remoting channel”.
The following blog describes the basic principles about performance management – with a focus on how to automate that process in a continuous integration environment: http://blog.dynatrace.com/2009/05/04/performance-management-in-continuous-integration/

There is a new open source quality tool called CODERU (http://coderu.org, developed by me to support my current project) that uses quite a different approach from FindBugs or PMD.

While FindBugs and PMD have a focus on the method and algorithm level, CODERU addresses structural quality on the package and therefore class dependency level.

CODERU forces you and your team members to write layered and component-oriented code by following predefined coding rules.

The rules are simple, but prevent complex design problems from arising.

The CODERU rules rely on reserved package names and the allowed dependency rules between them, expressed in a general way.

Unlike other tools that force you to define allowed or disallowed individual package dependencies, CODERU is based on a fixed set of general rules. The dependencies between packages need not be defined explicitly.